1 |
alexxy 11/07/12 21:54:23 |
2 |
|
3 |
Added: tiff-3.9.4-CVE-2011-1167.patch |
4 |
tiff-3.9.4-CVE-2011-0192.patch |
5 |
Log: |
6 |
[media-libs/tiff-compat] Initial import from science overlay |
7 |
|
8 |
(Portage version: 2.2.0_alpha43/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-1167.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: tiff-3.9.4-CVE-2011-1167.patch |
17 |
=================================================================== |
18 |
Index: ChangeLog |
19 |
=================================================================== |
20 |
RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v |
21 |
retrieving revision 1.602.2.130 |
22 |
diff -r1.602.2.130 ChangeLog |
23 |
0a1,7 |
24 |
> 2011-03-12 Frank Warmerdam <warmerdam@×××××.com> |
25 |
> |
26 |
> * libtiff/tif_thunder.c: Correct potential buffer overflow with |
27 |
> thunder encoded files with wrong bitspersample set. The libtiff |
28 |
> development team would like to thank Marin Barbella and TippingPoint's |
29 |
> Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004). |
30 |
> |
31 |
Index: libtiff/tif_thunder.c |
32 |
=================================================================== |
33 |
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_thunder.c,v |
34 |
retrieving revision 1.5.2.1 |
35 |
diff -r1.5.2.1 tif_thunder.c |
36 |
27a28 |
37 |
> #include <assert.h> |
38 |
58,62c59,65 |
39 |
< #define SETPIXEL(op, v) { \ |
40 |
< lastpixel = (v) & 0xf; \ |
41 |
< if (npixels++ & 1) \ |
42 |
< *op++ |= lastpixel; \ |
43 |
< else \ |
44 |
--- |
45 |
> #define SETPIXEL(op, v) { \ |
46 |
> lastpixel = (v) & 0xf; \ |
47 |
> if ( npixels < maxpixels ) \ |
48 |
> { \ |
49 |
> if (npixels++ & 1) \ |
50 |
> *op++ |= lastpixel; \ |
51 |
> else \ |
52 |
63a67,84 |
53 |
> } \ |
54 |
> } |
55 |
> |
56 |
> static int |
57 |
> ThunderSetupDecode(TIFF* tif) |
58 |
> { |
59 |
> static const char module[] = "ThunderSetupDecode"; |
60 |
> |
61 |
> if( tif->tif_dir.td_bitspersample != 4 ) |
62 |
> { |
63 |
> TIFFErrorExt(tif->tif_clientdata, module, |
64 |
> "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", |
65 |
> (int) tif->tif_dir.td_bitspersample ); |
66 |
> return 0; |
67 |
> } |
68 |
> |
69 |
> |
70 |
> return (1); |
71 |
145c166,167 |
72 |
< return (1); |
73 |
--- |
74 |
> |
75 |
> return (1); |
76 |
153a176 |
77 |
> tif->tif_setupdecode = ThunderSetupDecode; |
78 |
165a189 |
79 |
> |
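Review bot: The new `if ( npixels < maxpixels )` guard in `SETPIXEL` discards excess pixels silently, and since `npixels++` now sits inside that branch the counter can no longer exceed `maxpixels`. If the decoder reports over-long rows by comparing the two counters after decoding (that code is outside these hunks), that report would stop firing, so a malformed Thunder strip could decode as if it were valid; worth confirming that the caller still signals an error. The macro also depends on `maxpixels`, `npixels` and `lastpixel` being in scope wherever it expands, which deserves a comment above it such as `/* stores one 4-bit pixel; writes beyond maxpixels are dropped, caller must check for excess data */`. The added `#include <assert.h>` has no matching `assert` in the visible hunks and may be unnecessary. The macro body as rendered here is missing the line after `else \`, so this review covers only the lines shown.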
80 |
|
81 |
|
82 |
|
83 |
1.1 media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch |
84 |
|
85 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch?rev=1.1&view=markup |
86 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff-compat/files/tiff-3.9.4-CVE-2011-0192.patch?rev=1.1&content-type=text/plain |
87 |
|
88 |
Index: tiff-3.9.4-CVE-2011-0192.patch |
89 |
=================================================================== |
90 |
Index: libtiff/tif_fax3.h |
91 |
=================================================================== |
92 |
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_fax3.h,v |
93 |
retrieving revision 1.7 |
94 |
retrieving revision 1.9 |
95 |
diff -r1.7 -r1.9 |
96 |
480a481,486 |
97 |
> if (b1 <= (int) (a0 + TabEnt->Param)) { \ |
98 |
> if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \ |
99 |
> unexpected("VL", a0); \ |
100 |
> goto eol2d; \ |
101 |
> } \ |
102 |
> } \ |
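Review bot: The nested test added by hunk `480a481,486` carries no comment saying which invariant it enforces, and the two levels are hard to read: it takes the `unexpected("VL", a0)` path when `b1` is below `a0 + TabEnt->Param`, or equal to it while `pa != thisrun`. A short comment above the outer `if` stating the intended ordering constraint between `b1` and the new `a0` would make this security fix reviewable without the advisory at hand. The `(int)` cast is applied after `a0 + TabEnt->Param` has been computed, so if those operands are unsigned (their types are not visible here) any wraparound happens before the comparison; it is worth confirming the sum cannot wrap for a crafted run length. The enclosing macro begins and ends outside this hunk, including the `eol2d` label it jumps to.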